Ready or not, IPv6 is coming

Analysis: Google last week touted the benefits and ease of switching to IPv6, the next generation internet protocol, while the IT world in general remains resolutely indifferent about the technology.

Uptake of IPv6 is low, despite predictions that IPv4 addresses will be used up in as little as two years. A recent survey by the Internet Society found that many within a small sample of internet industry heavy hitters reckoned IPv6 uptake was being driven more by fashion than a strong business case.

That's far from a universal view, with Google amongst the strongest proponents of early adoption of the next generation internet technology.

A team of Google engineers has worked on an IPv6 transition project on a part-time basis for about 18 months. The work means that the majority of the search engine giant's applications and services have supported IPv6 (as explained here) since January. Google Maps IPv6 support was added last month.

"We can provide all Google services over IPv6," Google network engineer Lorenzo Colitti said during a panel discussion at a meeting of the Internet Engineering Task Force (IETF) last week.

Google engineers took IPv6 from the development of network architecture blueprints and software engineering work, through a trial phase, until Google made IPv6-based services publicly available. The project used 20 per cent of a team of Google engineers' time from July 2007 until its completion in January 2009.

Putting together a pilot IPv6 network "was not expensive" nor particularly difficult, according to Colitti, who advised organisations to roll out next-generation IPv6 networks in stages. Colitti said that moving to IPv6 reduces the infrastructure and support costs associated with piecemeal upgrades to existing IPv4 systems, such as the addition of further layers of Network Address Translation (NAT) kit. NAT equipment allows multiple internet-connected devices to present the same IP address.

Colitti's paper on the benefits of IPv6, presented during the conference, can be found here.

Chicken and Egg

Google recently hosted a conference for IPv6 implementers, shortly after the ad aggregator published a manifesto on why IPv6 was a significant technology.

By expanding the number of IP addresses - enough for three billion addresses for every person on the planet - IPv6 will clear the way for the next generation of VoIP, video conferencing, mobile applications, "smart" appliances (Internet-enabled heating systems, cars, refrigerators, and other devices) and other novel applications.

In a report prepared for the National Institute of Standards & Technology in 2005, RTI International estimated annual benefits in excess of $10 billion.

Unfortunately, IPv6 presents a classic chicken-and-egg problem. The benefits of any one network operator, device vendor, application and content provider, or Internet user adopting IPv6 are limited if there is not a critical mass of other adopters. As a result, adoption lags.

Despite this enthusiasm (from Google at least) only a minority of organisations, admittedly very significant players including the US federal government, engineering services firm Bechtel, UK academic network JANET and err... The Pirate Bay, have embraced the next-generation Internet protocol.

Dedicated followers of fashion

A recent survey of ISPs, enterprises and network equipment vendors by the Internet Society (ISOC) found that the majority reckoned there were "no concrete business drivers for IPv6". Experts predict that the internet will run out of new IPv4 addresses within two years, but the majority of ISOC members responded that they would simply increase their use of network address translation (NAT) technology when the stocks of IPv4 addresses run out.

Some think they might be able to re-engineer their networks through renumbering but only two respondents suggested they would use IPv6 to address the problems of IPv4 address exhaustion.

When asked about what the business drivers towards IPv6 might be, the responses suggest a matter of adapting to the latest fashions rather than anything more concrete. "While there were no concrete business drivers for IPv6, the technology was being driven by a general perception about customer demand and a need to be prepared for the next large technology step in the evolution of the internet," ISOC reports.

Many of the respondents expected IPv4 and IPv6 networks to co-exist for some years. Converting applications running on IPv4 to run over IPv6 networks, rather than problems with rolling out IPv6 networks, seemed to represent the greatest challenge to migration.

"While respondents who had begun IPv6 deployment reported gaps in support for IPv6 among tools and applications, they found the process of deploying IPv6 relatively straightforward," ISOC's report notes.

The anonymous survey of ISOC's 90 members covers some heavy hitters, but caution ought to be exercised before reading too much into its conclusions, particularly when some questions only elicited responses from 22 respondents. A more detailed summary of the findings from ISOC's survey can be found here.

Testing times

Organisations such as the US Department of Defense were early adopters of IPv6. News came out a few days ago of the Pentagon scrapping testing for whether kit was compatible with IPv6, but this was only to introduce a more comprehensive testing programme, starting in April, to evaluate software and hardware for interoperability more generally. Testing for compliance with IPv6 remains within a more encompassing testing regime, administered by the Defense Information Systems Agency (DISA), Network World reports.

In the meantime specialist IPv6 compatibility testing is carrying on, with an announcement last week that firewalls from Juniper Networks passed DISA's IPv6-compatible testing process.

To IP or not to IP

IPv6 was established as a replacement standard for the current generation of Internet Protocol, IPv4, by the IETF in 1995. IPv4 has a maximum address space of 4.3bn addresses, which engineers foresaw 14 years ago, at the dawn of the interweb, might run out. IPv6 has a much larger address space, thanks to the use of 128-bit addresses, compared to the 32-bit address space of IPv4.

The widespread use of network address translation (NAT) has delayed the need to step up to the more advanced technology. However, although NAT works well for client-server internet applications, its use gets in the way of the deployment of applications and services where every device needs a unique IP address.

Even so, industry experts expect IPv4 address resources to run out by 2012. Japanese internet firm Intec NetCore has even written a web app that shows an IPv4 exhaustion counter. With 480m IPv4 addresses left, Intec NetCore reckons there are 788 days left until "X-Day", when the available addresses finally run out.

As well as tackling the long-predicted number shortage, IPv6 brings other advantages, including simplifying routing aggregation and address autoconfiguration. The protocol also brings integrated encryption and mobility benefits absent from IPv4.

Support for the protocol has gradually been introduced in operating systems and in networking hardware. For example, Cisco added IPv6 support on Cisco IOS and switches in 2001. Apple Mac OS X has supported IPv6 since 2006, with built-in support by Windows following the introduction of Windows Vista.

Layer 3

It's in areas such as switching and routing that IPv6 brings the greatest potential upheaval. ISPs and enterprises need to change their network architecture in preparation for the wider use of the protocol.

"Operating systems have supported both IPv6 and IPv4 for a good number of years with a dual stack, so you don't have to upgrade everything," explained Melvyn Wray, senior VP of product marketing at networking equipment firm Allied Telesis. "It's with layer 3 switches or routers and the WAN that you have a problem."

While three or four years ago IPv6 technology might have been considered "esoteric", the technology has become more important as the world runs out of IPv4 addresses. Wray argued that Asia was feeling the pinch earlier than the West. Simply adding more NAT kit is no solution to the problem, he argued.

"They are already running six or seven layers deep on NAT on some Asian networks. They will run out of addresses entirely in 12-18 months. It's not anything like as bad a problem in the West, although the increased use of Blackberries and iPhones is creating an extra demand for addresses.

"It's not just the addressing scheme. IPv6 offers more efficient routing and better security than IPv4," Wray told El Reg.

Adoption of the technology also changes the security landscape.

"Contrary to popular belief, I believe IPv6 is alive and well in certain small pockets of China and Japan, where it's actually pretty useful for them to effectively run a separate Asian internet space alongside the existing [western] one," Mark Sunner, an independent security consultant, told El Reg.

"The bigger question however is when will it get all the way down to western desktops, and this will take probably something as long as a decade, because that's just how long it will take to retire/expire all the legacy kit that's out there."

Sunner said that even though IPv6 might take years to be fully implemented, its incorporation in operating system stacks makes it an issue for penetration testers even now.

"It is widely accepted that IPv6 is always an eon away. Nobody actually cares about it - but they should; because it ships as standard in all the new versions of Vista, OS X, Ubuntu etc. and is often active," Sunner explained.

"This means that whilst you may not be able to browse the web via IPv6 any time soon, the person sat nearby in your office may be taking a look at your file system - courtesy of IPv6 - via tools that exist right now," he added.
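Sunner's point can be checked from the defender's side on a Linux host. The following is an added example, not part of the original article: it parses the kernel's `/proc/net/if_inet6` and `/proc/net/tcp6` tables to list non-loopback IPv6 addresses and the TCP services listening beyond loopback. The sample tables are constructed (and trimmed to the columns used), and the address decoding assumes a little-endian host.

```python
import ipaddress

# Constructed samples in the Linux /proc/net/if_inet6 and /proc/net/tcp6
# layouts (tcp6 trimmed to its first four columns).
SAMPLE_IF_INET6 = """\
00000000000000000000000000000001 01 80 10 80       lo
fe800000000000000a0027fffe4e66a1 02 40 20 80     eth0
"""
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st
   0: 00000000000000000000000000000000:01BD 00000000000000000000000000000000:0000 0A
   1: 00000000000000000000000001000000:0277 00000000000000000000000000000000:0000 0A
   2: 000080FE00000000FF27000AA1664EFE:0016 000080FE00000000FF27000AB2664EFE:C001 01
"""
SCOPES = {0x00: "global", 0x10: "host", 0x20: "link", 0x40: "site"}

def decode_tcp6_addr(hexaddr):
    # tcp6 prints four native-endian 32-bit words; assumption: little-endian host.
    raw = b"".join(bytes.fromhex(hexaddr[i:i + 8])[::-1] for i in range(0, 32, 8))
    return ipaddress.IPv6Address(raw)

def active_addresses(if_inet6_text):
    """Return (device, address, scope) for every non-loopback IPv6 address."""
    out = []
    for line in if_inet6_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue
        addr = ipaddress.IPv6Address(bytes.fromhex(fields[0]))  # network byte order
        if not addr.is_loopback:
            out.append((fields[5], str(addr), SCOPES.get(int(fields[3], 16), "other")))
    return out

def exposed_listeners(tcp6_text):
    """Return (address, port) for LISTEN sockets not bound to ::1."""
    out = []
    for line in tcp6_text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A":     # 0A is TCP_LISTEN
            continue
        hexaddr, hexport = fields[1].split(":")
        addr = decode_tcp6_addr(hexaddr)
        if not addr.is_loopback:
            out.append((str(addr), int(hexport, 16)))
    return out

if __name__ == "__main__":
    print(active_addresses(SAMPLE_IF_INET6))
    print(exposed_listeners(SAMPLE_TCP6))
```

On a real host, pass the contents of the two `/proc` files instead of the samples; a link-local address on an interface plus a listener bound to `::` means the service is reachable by neighbours on the same segment unless an IPv6 firewall policy says otherwise.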

A paper on penetration testing and IPv6, by H D Moore of Metasploit fame, can be found here. ®